krb5+Ubuntu (maverick, jaunty (LTS))+ssh

Brian Candler B.Candler at pobox.com
Sat Nov 20 03:58:29 EST 2010


On Fri, Nov 19, 2010 at 02:03:09PM +0100, Thomas Schweikle wrote:
> I can log in from maverick to maverick machines. No problem.
> kerberos does what it is expected to do.
> 
> I can't log in from any jaunty (10.04.1 LTS) machine to any other
> machine using kerberos. I am handled a session key, but
> authenticating against any of the jaunty-machines fails. ssh falls
> back to password authentication.

Sorry to state the obvious, but have you set

Host *
...
    GSSAPIAuthentication yes

in /etc/ssh/ssh_config ?

What does ssh -v <host> show when you try to connect?

> The kerberos server on jaunty seems to work as expected, but the
> client and GSSAPI seems badly broken.

10.04.1 LTS isn't Jaunty, it's Lucid. "cat /etc/lsb-release" to see what you
have.

I have a Lucid client which can quite happily kinit to Active Directory, and
ssh to RedHat machines using its Kerberos ticket.

Regards,

Brian.



More information about the Kerberos mailing list